I've been trying to setup IWA on a new Portal 10.4.1. I have successfully configured IWA in the past on 10.3.1 & 10.4.1 in the same network.
However, now when I try to configure the portal identity store, it fails with the following error:
Code: 500
Portal Log:
SEVERE | Failed to update identity store. Cannot connect to user store using supplied configuration. Verify the user store configuration is correct and try again. | 2017-01-29T16:29:27,947 | Portal Admin | DEV-APPSERVER.ESRI.LOCAL | Admin | 205007 | 6776 |
WARNING | Unable to connect to the identity store using SSL. ArcGIS Server will revert to using a non-SSL connection to the identity store and credentials will be sent in clear text. In order to use SSL, verify that your identity store has SSL enabled. | 2017-01-29T16:29:27,946 | Portal Admin | DEV-APPSERVER.ESRI.LOCAL | 219999 | 6776 |
I am not sure if the issue is with the Portal or anything is changed from my network side. Another post (Failed to return user store. For input string: "8997:266::8997:266" ) suggested to look for Windows Tunnel Adapter 6TO4 , but I could not find this on my Portal Server.
Any ideas?
Are you using IE?
There are issue with Chrome and 10.4.1.
There is a patch out there but I've found that while it clears up most issues, I still occasionaly have issues.
I recommend just using IE.
Info on the patch:
Thanks Paul for your reply. I tried it on IE 11. Same results.
Hey. have you solved the problem?
I have just hot the same one.
Ivan.
I get the same error with 10.6 in Chrome and IE 11 😞
Same here... did you get over this?
I encountered the same error message when attempting to configure Portal to use our enterprise active directory identity store. In my case, it was a simple syntax error in my user store configuration JSON. For the user parameter, make sure you use a double backslash (i.e. "mydomain\\winaccount"). If you use a single backslash the Portal identity store configuration will fail, and return the error above. See entire JSON example below for further context.
{ "type": "WINDOWS", "properties": { "userPassword": "secret", "isPasswordEncrypted": "false", "user": "mydomain\\winaccount", "userFullnameAttribute": "cn", "userEmailAttribute": "mail", "caseSensitive": "false" } }
I just came up against this issue too.
The solution for me was to use a different format for the domain\\username.
I used username@domain instead
That worked.
Thanks - best answer for me. Using Windows Server 2016 and Portal 10.8.1.
I had the same issue. I found a resolution.
I had configured my portals identity store with my own domain login for testing. Worked fine. Following ESRIs best practice advice (http://enterprise.arcgis.com/en/portal/latest/administer/windows/use-integrated-windows-authenticati...) I asked my ICT to make a basic domain account who can do lookup and whose password doesn't expire. In my case I called it GISLookUp.
I kept getting the same error described even though I was sure that there was nothing wrong with the JSON. I thought that perhaps my ICT had stuffed up the account so I signed in to the domain using GISLookUp. I noticed that Windows asked me for a password change up front. Once done and signed in I was happy the account worked. Then I tried to update identity store again and it worked!
The problem for me was the new domain account hadn't been registered or activated or whatever it is that Windows does until I had done that initial sign in. Try signing in with the account you are using first.